Configure authentication rules with PAM
You can use a pluggable authentication module (PAM) to set authentication rules. To configure PAM settings, specify control values in Hiera.
For example, assume that you want to enforce a minimum length of 30 characters for passwords. Because you are implementing the CIS Oracle Linux 8 Benchmark 2.0.0, you go to the CEM Linux Reference and look for the relevant control in that benchmark. The control is 5.5.1, “Ensure password creation requirements are configured,” which specifies a default minimum password length of 14. On the minlen parameter, you replace the default value of 14 with a new value of 30, as shown in the example:

cem_linux::config:
  control_configs:
    "Ensure password creation requirements are configured":
      manage_pwquality: true
      manage_pam_auth: true
      minlen: 30
      minclass: 4
      faillock_args: ["preauth", "silent", "audit", "deny=5", "unlock_time=900"]
      pwhistory_args: ["use_authtok", "remember=5", "retry=3"]
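After the override is applied, it is worth confirming that a node actually carries the new values. The following check is an added example, not part of CEM or the original page: it compares the Hiera values above against constructed samples of a pwquality configuration and a PAM stack. It assumes the settings land in pwquality.conf-style `name = value` lines and on the `pam_faillock.so` line of the PAM stack; the function names are hypothetical.

```python
# Expected values copied from the Hiera example on this page.
EXPECTED_PWQUALITY = {"minlen": 30, "minclass": 4}
EXPECTED_FAILLOCK = ["preauth", "silent", "audit", "deny=5", "unlock_time=900"]

# Constructed samples (not from a real host): pwquality.conf still carries the
# benchmark default of 14, and the faillock preauth line lacks "audit".
SAMPLE_PWQUALITY = """\
# minlen = 8
minlen = 14
  minclass=4
"""
SAMPLE_PAM = """\
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent deny=5 unlock_time=900
auth        [default=die] pam_faillock.so authfail deny=5 unlock_time=900
"""

def parse_pwquality(text):
    """Return active 'name = value' settings, skipping comments and blanks."""
    settings = {}
    for raw in text.splitlines():
        name, sep, value = raw.split("#", 1)[0].partition("=")
        if sep:
            # Assumption: a later line replaces an earlier one.
            settings[name.strip()] = value.strip()
    return settings

def pwquality_drift(expected, text):
    """List (setting, expected, found) for each value that does not match."""
    active = parse_pwquality(text)
    return [(k, v, active.get(k)) for k, v in expected.items()
            if active.get(k) != str(v)]

def missing_pam_args(expected_args, pam_text, module="pam_faillock.so"):
    """Arguments absent from the module line that carries expected_args[0]."""
    for line in pam_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if module in tokens:
            args = tokens[tokens.index(module) + 1:]
            if expected_args[0] in args:
                return [a for a in expected_args if a not in args]
    return list(expected_args)  # no matching module line at all

if __name__ == "__main__":
    for name, want, found in pwquality_drift(EXPECTED_PWQUALITY, SAMPLE_PWQUALITY):
        print(f"DRIFT {name}: expected {want}, found {found}")
    print("faillock args missing:", missing_pam_args(EXPECTED_FAILLOCK, SAMPLE_PAM))
```

On a managed node, pass the contents of the real configuration files in place of the constructed samples; an empty result from both functions means the node matches the Hiera data.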